- hosts: tf_servers
  vars_files:
    - "{{ playbook_dir }}/../vars/main.yml"
  tasks:

  - debug:
      msg: "{{ cluster_subnets }}"

#### TODO Create VIPs ####
#### TODO Add bootstrap and masters to API VIP ####
#### TODO Add workers to WC VIP ####

#### Reserve Cluster Node DHCP entries ####
#### IP: X.X.X.2 for Manual VIP creation
  - name: Apply Bootstrap - Create DHCP Manual entries
    include: ipam/reserve_dhcp.yaml bmc_ip="{{ bootstrap['bmc_ip'] }}" name="{{ bootstrap['name'] }}.{{ ocp_cluster_name }}" cluster_subnet="{{ bootstrap['subnet'] }}"

#### IP: X.X.X.3-5 for Manual VIP creation
  - name: Apply Masters - Create DHCP Manual entries
    include: ipam/reserve_dhcp.yaml bmc_ip="{{ item['bmc_ip'] }}" name="{{ item['name'] }}.{{ ocp_cluster_name }}" cluster_subnet="{{ item['subnet'] }}"
    with_items: "{{ masters }}"

#### IP: X.X.X.6-X for Manual VIP creation
  - name: Apply Workers - Create DHCP Manual entries
    include: ipam/reserve_dhcp.yaml bmc_ip="{{ item['bmc_ip'] }}" name="{{ item['name'] }}.{{ ocp_cluster_name }}" cluster_subnet="{{ item['subnet'] }}"
    with_items: "{{ workers }}"

##### Apply bootstrap #####
  - name: Bootstrap node
    include: "baremetal/setup_bmc.yaml bmc_ip={{ bootstrap['bmc_ip'] }} node_type=bootstrap"
    
  - name: Wait for bootstrap node to host ignition files
    uri:
      url: "https://api-int.{{ ocp_cluster_name}}.{{ dns_domain }}:22623/config/master"
      follow_redirects: all
      validate_certs: false
    register: response
    until: response.status == 200
    retries: 180
    delay: 10

##### Apply Masters #####
  - name: Master nodes
    include: "baremetal/setup_bmc.yaml bmc_ip={{ item['bmc_ip'] }} node_type=master"
    with_items: "{{ masters }}"

#### Wait for Boostrap to complete #### 
  - name: Openshift Install - Wait for bootstrap complete
    shell: "{{ ocp_bin_path }}/openshift-install --dir={{ ocp_cluster_tmpfs }}/openshift wait-for bootstrap-complete --log-level=debug &"
    register: bootstrap_result
    until: '"Bootstrap status: complete" in bootstrap_result.stderr'
    retries: 360
    delay: 10

#### TODO Remove bootstrap from API VIP ####

##### Apply Workers #####
  - name: Apply Workers - Wait https://api-int.{{ ocp_cluster_name }}.{{ dns_domain }}:22623/config/worker
    uri:
      validate_certs: no
      url: "https://api-int.{{ ocp_cluster_name }}.{{ dns_domain }}:22623/config/worker"
      method: GET
      return_content: yes
    register: worker_config_files_check
    until: worker_config_files_check.status == 200
    retries: 200
    delay: 10

  - name: Worker nodes
    include: "baremetal/setup_bmc.yaml bmc_ip={{ item['bmc_ip'] }} node_type=worker"
    with_items: "{{ workers }}"

#### Openshift Install - wait for API ####
  - name: Openshift Install - Wait for API - https://api-int.{{ ocp_cluster_name }}.{{ dns_domain }}:6443/healthz
    uri:
      validate_certs: no
      url: "https://api-int.{{ ocp_cluster_name }}.{{ dns_domain }}:6443/healthz"
      method: GET
      return_content: yes
    register: ocp_api_healthz
    until: ocp_api_healthz.status == 200
    retries: 200
    delay: 10

  - name: Wait till app nodes have attached to cluster
    environment:
      KUBECONFIG: "{{ ocp_cluster_tmpfs }}/openshift/auth/kubeconfig"
    shell: >
      {{ ocp_bin_path }}/oc get csr --no-headers | awk '{print $1}' | xargs {{ ocp_bin_path }}/oc adm certificate approve &>/dev/null;
      {{ ocp_bin_path }}/oc get nodes | grep app | wc -l
    register: worker_node_wait
    until: worker_node_wait.stdout|int == workers|length|int
    retries: 200
    delay: 10

  - name: Openshift Install - Wait for install complete
    shell: "{{ ocp_bin_path }}/openshift-install --dir={{ ocp_cluster_tmpfs }}/openshift wait-for install-complete --log-level=debug"
    register: install_result
    until: '"Install complete!" in install_result.stderr'
    retries: 500
    delay: 20

  - name: Template patch for ingress project and infra nodes
    template: 
      src: "{{ playbook_dir }}/../templates/ingress_patch.yaml.j2"
      dest: /tmp/ecs_iaas/{{ ocp_cluster_name }}/openshift//ingress_patch.yaml

  - name: Patch ingress project and infra nodes with NodeSelector
    environment:
      KUBECONFIG: "/tmp/ecs_iaas/{{ ocp_cluster_name }}/openshift/auth/kubeconfig"
    shell: "{{ ocp_bin_path }}/oc apply -f /tmp/ecs_iaas/{{ ocp_cluster_name }}/openshift/ingress_patch.yaml"

  - name: Grab kubeconfig into variable
    slurp: 
      src: "{{ ocp_cluster_tmpfs }}/openshift/auth/kubeconfig"
    register: kubeconfig_b64_slurp
    no_log: "{{ no_log }}"

  - set_fact:
      kubeconfig_b64: "{{ kubeconfig_b64_slurp.content }}"

  - name: Get Credential type from Tower
    uri:
      url: "https://{{ tower_fqdn }}/api/v2/credential_types/?name=ecs_kubeconfig"
      method: GET
      user: "{{ tower_username }}"
      password: "{{ tower_password }}"
      force_basic_auth: yes
      validate_certs: no
    register: credential_type_id
    no_log: "{{ no_log }}"


  - name: Get Organization from Tower
    uri:
      url: "https://{{ tower_fqdn }}/api/v2/organizations/?name={{ tower_org_name }}"
      method: GET
      user: "{{ tower_username }}"
      password: "{{ tower_password }}"
      force_basic_auth: yes
      validate_certs: no
    register: org_id
    no_log: "{{ no_log }}"


  - name: Place Kubeconfig in tower
    uri:
      url: https://{{ tower_fqdn }}/api/v2/credentials/
      headers:
        Content-Type: "application/json"
      method: POST
      user: "{{ tower_username }}"
      password: "{{ tower_password }}"
      body_format: json
      body:
        credential_type: "{{ credential_type_id.json.results[0].id }}"
        description: ""
        inputs:
          kubeconfig_b64: "{{ kubeconfig_b64 }}"
        name: "kubeconfig_{{ ocp_cluster_name }}"
        organization: "{{ org_id.json.results[0].id }}"
      force_basic_auth: yes
      status_code: 201
      validate_certs: no
    no_log: "{{ no_log }}"
    ignore_errors: yes

## Added ignore_errors for Ansible Tower 500 Internal Server Error

### Deployment server cleanup ###

  - name: Delete cluster provisioning files
    file:
      path: "{{ ocp_cluster_tmpfs }}/"
      state: absent

  - name: Unmount cluster directory from tmpfs
    mount:
      state: absent
      path: "{{ ocp_cluster_tmpfs }}"
      fstype: tmpfs
      opts: size=1m
      src:  "{{ ocp_cluster_name }}-tmpfs"

  - name: Delete cluster directory 
    file:
      path: "{{ ocp_cluster_tmpfs }}"
      state: absent

  - name: Delete cluster ignition folder 
    file:
      path: "/var/www/html/openshift/{{ ocp_cluster_name }}"
      state: absent

----------------
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  creationTimestamp: '2024-03-07T19:56:26Z'
  generation: 15
  managedFields:
    - apiVersion: tekton.dev/v1beta1
      fieldsType: FieldsV1
      fieldsV1:
        'f:spec':
          .: {}
          'f:params': {}
          'f:steps': {}
          'f:workspaces': {}
      manager: Mozilla
      operation: Update
      time: '2024-03-15T18:25:55Z'
  name: recreate-vd
  namespace: baremetal-cr
  resourceVersion: '391897059'
  uid: 84a279b7-488c-49fd-a759-2f7ab02c52db
spec:
  params:
    - description: The username for the BMC
      name: bmc-user
      type: string
    - description: The password for the BMC
      name: bmc-pass
      type: string
    - description: OpenShift cluster name for virtual media
      name: ocp-cluster-name
      type: string
    - description: infra env
      name: infra-env
      type: string
    - default: acm-config
      description: namespace of rackvars
      name: rack-ns
      type: string
  steps:
    - env:
        - name: infra-env
          value: $(params.infra-env)
        - name: rack-ns
          value: $(params.rack-ns)
        - name: hp-redfish-prefix
          value: 'redfish-virtualmedia://'
        - name: dell-redfish-prefix
          value: 'idrac-virtualmedia://'
        - name: hp-redfish-endpoint
          value: /redfish/v1/Systems/1
        - name: dell-redfish-endpoint
          value: /redfish/v1/Systems/System.Embedded.1
      image: >-
        docker-enterprise-dev.artifactrepository.citigroup.net/cate-citisystems-openshift/openshift4:4.12.33-x86_64-cli
      name: setup-bmc
      resources: {}
      script: >
        #!/usr/bin/env python3

        import os

        import requests

        import json

        import time

        import sys


        # Disable warnings for SSL Certificate

        requests.packages.urllib3.disable_warnings()

        infra_env = os.environ['infra-env']

        rack_ns = os.environ['rack-ns'] 

        machines=json.loads(os.popen('oc get rack %s -n %s -o
        jsonpath={.spec.machines}' % (infra_env,rack_ns)).read())

        dns_domain = os.popen('oc get rack %s -n %s -o
        jsonpath={.spec.dns_domain}' % (infra_env,rack_ns)).read()

        vendor = os.popen('oc get rack %s -n %s -o
        jsonpath={.spec.hardware_vendor}' % (infra_env,rack_ns)).read()


        bmc_user = "$(params.bmc-user)"

        bmc_pass = "$(params.bmc-pass)"

        ocp_cluster_name = "$(params.ocp-cluster-name)"

        ok_status = [200, 201, 202, 203, 204]
             

        # Virtual Media Operations 

        for machine in machines:
            name = machine['name']
            bmc_ip = machine['bmc_ip']
            host_mac = machine['host_mac']
            fqdn = f"{name}.{dns_domain}"
            node_type = machine['node_type']

            session_url = f"https://{bmc_ip}/redfish/v1/SessionService/Sessions/"

            system_url = f"https://{bmc_ip}/redfish/v1/Systems"

            managers_url = f"https://{bmc_ip}/redfish/v1/Managers"

            # Create a session to get the X-Auth-Token

            response = requests.post(session_url, verify=False,
            headers={"Content-Type": "application/json"}, json={"UserName":
            bmc_user, "Password": bmc_pass})

            if response.status_code in ok_status:
                print(f"\n\nSession created to get X-Auth-Token to perform Virtual Media Operations on {node_type} node.")
            else:
                print('Failed to create a session to get X-Auth-Token. Status code:', response.status_code)

            token = response.headers.get("X-Auth-Token")

            session_id = response.headers.get("Location")
                    
            # Use token for subsequent requests

            auth_header = {"X-Auth-Token": token}

            # Get system information

            response_systems = requests.get(system_url, headers=auth_header,
            verify=False)

            systems_endpoint = response_systems.json()['Members'][0]['@odata.id']

            # Get Vendor information

            manufacturer_response = requests.get(f"https://{bmc_ip}{systems_endpoint}",
            headers=auth_header, verify=False)

            print(f"manufacturer_response: {manufacturer_response}")

            manufacturer = manufacturer_response.json()['Manufacturer']

            print(f"Manufacturer: {manufacturer}")

            # Get Manager information

            response_managers = requests.get(managers_url, headers=auth_header,
            verify=False)

            managers_endpoint = response_managers.json()['Members'][0]['@odata.id']

            # Virtual Media Operations based on Vendor 

            if "Dell" in manufacturer:

                # Headers for requests
                headers = {
                    "Content-Type": "application/json",
                    "X-Auth-Token": token
                }

                def fetch_volumes(controller_fqdd):
                    """Fetch all volumes for the specified controller."""
                    url = f'https://{bmc_ip}/redfish/v1/Systems/System.Embedded.1/Storage/{controller_fqdd}/Volumes'
                    response = requests.get(url, headers=headers, verify=False)
                    volumes = []
                    if response.status_code == 200:
                        data = response.json()
                        for volume in data.get('Members', []):
                            volume_detail = requests.get(f'https://{bmc_ip}{volume["@odata.id"]}', headers=auth_header, verify=False).json()
                            volumes.append({
                                "id": volume["@odata.id"].split('/')[-1],
                                "name": volume_detail.get('Name'),
                                "drives": [drive["@odata.id"].split('/')[-1] for drive in volume_detail.get('Links', {}).get('Drives', [])],
                            })
                    else:
                        print(f"Failed to fetch volumes for controller {controller_fqdd}. Status code: {response.status_code}")
                        sys.exit(1)
                    return volumes

                def delete_volume(controller_fqdd, volume_id):
                    """Delete a volume."""
                    url = f'https://{bmc_ip}/redfish/v1/Systems/System.Embedded.1/Storage/{controller_fqdd}/Volumes/{volume_id}'
                    print(f"delete url: {url}")
                    response = requests.delete(url, headers=headers, verify=False)
                    if response.status_code in [200, 201, 202, 203, 204]:
                        print(f"Successfully deleted volume: {volume_id}")
                    else:
                        print(f"Failed to delete volume {volume_id}. Status code: {response.status_code}, Response: {response.text}")
                        sys.exit(1)

                def recreate_volumes(controller_fqdd, volumes_info):
                    """Recreate each volume with its original name and associated disks."""
                    for volume in volumes_info:
                        url = f'https://{bmc_ip}/redfish/v1/Systems/System.Embedded.1/Storage/{controller_fqdd}/Volumes'
                        print(f"recreate url: {url}")

                        verify_ssl = False

                        payload = {
                            "Name": volume['name'],
                            "VolumeType": "NonRedundant",  # Adjust if needed
                            "Drives": [{"@odata.id": f"/redfish/v1/Systems/System.Embedded.1/Storage/Drives/{drive_id}"} for drive_id in volume['drives']],
                        }

                        print(f"payload: {payload}")

                        time.sleep(120)

                        print(f"auth_header: {auth_header}")

                        response = requests.post(url, headers=headers, data=json.dumps(payload), verify=False)
                        content_type = response.headers.get('Content-Type', 'Content-Type header not found')
                        print(content_type)

                        print("Request Body:", response.request.body)

                        if response.status_code in [200, 201, 202, 203, 204]:
                            print(f"Volume {volume['name']} recreated successfully.")
                        else:
                            print(f"Failed to recreate volume {volume['name']}. Status code: {response.status_code}, Response: {response.text}")
                            print(f"Error: {response.content.decode('utf-8')}.")
                            sys.exit(1)

                # Main Logic
                controller_fqdd = "RAID.Integrated.1-1"

                # Fetch all volumes for the specified controller
                volumes = fetch_volumes(controller_fqdd)

                # Delete each volume
                for volume in volumes:
                    delete_volume(controller_fqdd, volume['id'])

                # Wait for the deletion before recreation
                time.sleep(10) 

                # Recreate each volume with the same name and associated disks
                recreate_volumes(controller_fqdd, volumes)

            # Close Session

            session_id_url = f'https://{bmc_ip}{session_id}'

            response = requests.delete(session_id_url, headers=auth_header, verify=False)

            if response.status_code in ok_status:
                print('Session closed successfully.')
            else:
                print('Failed to close session. Status code:', response.status_code)
            
  workspaces:
    - description: The git repo will be cloned onto the volume backing this Workspace.
      name: output

